Known issues in Access Management
The following list describes issues that are known to exist in Access Management.
- LDAP usage with IIS and Windows
  If Access Management is installed as an IIS website and you are using a Windows identity provider, configuring another IdP for LDAP can produce errors. In some browsers, including Chrome, users are unable to log in with their LDAP credentials, and the Access Management logs show an "Unexpected authentication scheme" error.
  As of Tridion Sites 10, you can avoid this issue by installing Access Management as a Windows service rather than as an IIS website. In that setup, you can use Windows and LDAP identity providers in parallel without errors.
- Unable to log in to Access Management if the IdP is misconfigured
- Login errors with a new IdP in a scaled-out Access Management environment
  When you create a new identity provider and attempt to validate it, the system returns a 404 (page not found) error. Users trying to log in with the new IdP get the same error.
  This can occur when Access Management runs in a scaled-out environment, that is, with multiple Access Management service instances behind a load balancer. The authentication scheme for the new IdP has been saved on the instance that handled the request but has not yet been applied to the other instances, so requests the load balancer routes to those instances fail. To resolve this, restart all of the Access Management instances so that they are all in sync.
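The following PowerShell script is an added example, not part of this documentation or the product, of restarting every Access Management instance in a scaled-out setup and verifying that each one is back to Running before you retry IdP validation. It assumes Access Management is installed as a Windows service (the Tridion Sites 10 setup described above) and that PowerShell remoting is enabled on the nodes; the service name and node names are placeholders that you must replace with your own.

```powershell
# Added example (not RWS documentation or product code).
# Assumptions: Access Management runs as a Windows service on each node, PowerShell
# remoting is enabled, and the caller has rights to restart services on the nodes.
$ServiceName = 'TridionAccessManagement'          # assumption: your actual service name may differ
$Nodes       = @('am-node1', 'am-node2', 'am-node3')  # assumption: the AM nodes behind the load balancer

$results = foreach ($node in $Nodes) {
    Invoke-Command -ComputerName $node -ArgumentList $ServiceName -ScriptBlock {
        param($svcName)
        # Fail fast if the service is not installed on this node under that name
        Get-Service -Name $svcName -ErrorAction Stop | Out-Null
        # Restart-Service waits for the service to start again unless -NoWait is given
        Restart-Service -Name $svcName -Force -ErrorAction Stop
        [pscustomobject]@{
            Node   = $env:COMPUTERNAME
            Status = (Get-Service -Name $svcName).Status
        }
    }
}

$results | Format-Table -AutoSize

# A partially restarted cluster is exactly the failure mode described above: the new
# IdP's authentication scheme would be applied on some nodes but not others, so stop
# here rather than retrying validation while any node is still down.
$notRunning = $results | Where-Object { $_.Status -ne 'Running' }
if ($notRunning) {
    throw "Access Management is not running on: $($notRunning.Node -join ', ')"
}
```

If Access Management is still installed as an IIS website rather than a Windows service, the same loop applies, but recycle the site's application pool on each node instead (for example with Restart-WebAppPool from the WebAdministration module) so that every instance reloads the saved authentication scheme.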